Security hole experienced RC 0.2

inferencia

Verified User
Joined
Aug 21, 2005
Messages
677
Location
Spain
Hello guys,

Just received an email from a trustworthy user, with a screenshot from one of his users.

Said he was checking his email in Roundcube (v0.2, just updated, DA v.1.33), opened a PPS, and all of a sudden he was looking at a different user's inbox. Made a snapshot and reported it (thank god, because that could get us into big legal problems).

Both users are totally unrelated. The user whose stuff was accidentally hacked into was over his space quota, not suspended, in case this extra info helps any.

Has anyone experienced this? Any suggestions?
 
Yes, PPS is a PowerPoint presentation archive.

No, they are completely different users on the same shared server, and that's what worries me the most.
 
Hi guys,

We have seen some suspicious entries, and decided to put mod_sec on high. But we haven't flagged anything as being related yet.

Floyd, good question. I have not been able to reproduce the same, even opening up the same PPS.

I will consider anything to look into. We will start looking at mysql stuff.
 
Don't know if it's similar to the messages above, but I have been talking with somebody who wanted to notify me about a backdoor in html2text which gave him a method to upload, download and/or change files and install an IRC bot on the server.

He pointed me to http://www.milw0rm.com/exploits/7553

It seems html2text is very buggy currently and needs to be updated.


You can notice this backdoor by going to your /tmp directory; you should find a file there ending with the extension .txt (in most cases).
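One way to turn the /tmp check above into something repeatable, as an added example that is not from the thread or from html2text itself. It assumes, as the post suggests, that dropped files keep a .txt name; flagging files that open with a PHP or shebang marker is my assumption about what such a file looks like, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the thread): list .txt files in a scratch directory
# whose first bytes look like a script rather than plain text. The markers
# checked (PHP open tag, shebang) are an assumption, not from the post.

# scan_tmp_txt DIR -> prints each DIR/*.txt whose first 64 bytes start with
# a PHP open tag or a shebang. Defaults to /tmp. The file is only read,
# never executed or included.
scan_tmp_txt() {
    dir=${1:-/tmp}
    for f in "$dir"/*.txt; do
        [ -f "$f" ] || continue
        head=$(head -c 64 -- "$f" 2>/dev/null | tr -d '\0')
        case "$head" in
            '<?'*|'#!'*) printf '%s\n' "$f" ;;
        esac
    done
}

# report_suspicious DIR -> same list with owner, size and mtime, so you can
# see which web/system user wrote the file and when.
report_suspicious() {
    scan_tmp_txt "$1" | while IFS= read -r f; do
        ls -l -- "$f"
    done
}
```

Run `report_suspicious /tmp` on the server; a hit does not prove compromise by itself, but a script stored under a .txt name in /tmp and owned by the web server user is worth preserving and investigating before deleting.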
 